Revert "CI: remove 'setup_ssh' as ssh access is disabled"

The SSH setup is required for some private projects that pull in external repos via SSH. This reverts commit 4d5bca8f.

Revert "CI: remove 'setup_ssh' as ssh access is disabled"
The SSH setup is required for some private projects that pull in external repos via SSH. This reverts commit 4d5bca8f.
add2bb17 · Tobias Kahlki · 19ff9d08 · add2bb17 · add2bb17
Commit add2bb17 authored 11 months ago by Tobias Kahlki
--- a/build-pipeline-ci-test.yml
+++ b/build-pipeline-ci-test.yml
@@ -41,6 +41,7 @@ build:files:
    GIT_STRATEGY: none
  before_script:
    - !reference [.docker_check]
+    - !reference [.setup_ssh]
    - !reference [.setup_git_credentials]
    - !reference [.repo_checkout]
  script:
@@ -72,6 +73,7 @@ build:check-foo-branch:
    GIT_STRATEGY: none
  before_script:
    - !reference [.docker_check]
+    - !reference [.setup_ssh]
    - !reference [.setup_git_credentials]
    - !reference [.repo_checkout]
  script: |

--- a/build-pipeline.yml
+++ b/build-pipeline.yml
@@ -21,6 +21,30 @@ workflow:
        exit 1
    fi
+.setup_ssh: &setup_ssh
+  # Setup ssh key to access private repos
+  # https://docs.gitlab.com/ee/ci/ssh_keys/#ssh-keys-when-using-the-docker-executor
+  # An SSH keypair has been generated for the manifest's pipeline to be able to access
+  # all private repositories in the manifest. The private key has been stored in the
+  # CI/CD variable GITLAB_PRIVATE_KEY of the manifest repository. The public key has
+  # been added as a deploy key in GitLab's repository settings for all contained
+  # repositories.
+  - echo "Setup SSH"
+  - eval $(ssh-agent -s)
+  - echo "$GITLAB_PRIVATE_KEY" | tr -d '\r' | ssh-add -
+  - mkdir -p ~/.ssh
+  - chmod 700 ~/.ssh
+  # Add GitLab server to known hosts
+  # https://docs.gitlab.com/ee/ci/ssh_keys/#verifying-the-ssh-host-keys
+  # In order to access the private repositories via SSH, the GitLab server has to be
+  # added to the known_hosts file. The host keys were determined using the command
+  #   ssh-keyscan [-p port] <gitlab-server>
+  # and have been stored in the GITLAB_KNOWN_HOSTS CI/CD variable.
+  - echo "$GITLAB_KNOWN_HOSTS" >> ~/.ssh/known_hosts
+  - chmod 644 ~/.ssh/known_hosts
+  # Write SSH configuration from variable to config file
+  - echo "$SSH_CONFIG" > ~/.ssh/config
 .setup_git_credentials: &setup_git_credentials
  - echo "Setup Git Credentials Cache"
  - git config --global credential.helper 'cache --timeout 86400'
@@ -244,6 +268,7 @@ workflow:
    FNG_INSTALL_URL: "${JOB_URL}/artifacts/${IMAGE_PATH}/${INSTALL_SCRIPT}"
  before_script:
    - *docker_check
+    - *setup_ssh
    - *setup_git_credentials
    - *repo_checkout
    - *setup_build
@@ -321,6 +346,7 @@ workflow:
    reports:
      junit: results/results-*.xml
  before_script:
+    - !reference [.setup_ssh]
    - !reference [.setup_git_credentials]
  script:
    - .gitlab-ci/scripts/download_file_from_latest_job.py